X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=bluechips%2Fcontrollers%2Ftransfer.py;h=ed0601845fc58b9db6f8ad67bfd1daf1e10d0702;hb=9cc05ca9160a9432d037afb9cc22c511e2542947;hp=016f508df07f7d379d468db895be23454dd2ec8e;hpb=25e0dd950ef119f1bf6b7ab0a54c730f4f9f5922;p=bluechips.git

diff --git a/bluechips/controllers/transfer.py b/bluechips/controllers/transfer.py
index 016f508..ed06018 100644
--- a/bluechips/controllers/transfer.py
+++ b/bluechips/controllers/transfer.py
@@ -10,6 +10,8 @@ from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
 from pylons.decorators import validate
+from pylons.decorators.secure import authenticate_form
+from pylons.controllers.util import abort
 
 from formencode import Schema, validators
 
@@ -42,8 +44,12 @@ class TransferController(BaseController):
         else:
             c.title = 'Edit a Transfer'
             c.transfer = meta.Session.query(model.Transfer).get(id)
+            if c.transfer is None:
+                abort(404)
         return render('/transfer/index.mako')
     
+    @redirect_on_get('edit')
+    @authenticate_form
     @validate(schema=TransferSchema(), form='edit')
     def update(self, id=None):
         if id is None:
@@ -52,6 +58,8 @@ class TransferController(BaseController):
             op = 'created'
         else:
             t = meta.Session.query(model.Transfer).get(id)
+            if t is None:
+                abort(404)
             op = 'updated'
         
         update_sar(t, self.form_result)